How Google Glass Can Improve ATM Banking Security

Google Glass could join forces with QR codes to make ATM banking safer even for people who use "1234" as their favorite password. The idea from German researchers could help thwart at least some cash machine skimming scams by turning PIN codes into one-time passwords visible only to individual Google Glass wearers.

ATM banking usually requires people to swipe their bank cards and enter a set PIN code—a process vulnerable to so-called ATM skimming by crooks who try to capture PIN numbers with hidden cameras and fake keypads. By comparison, the proposed Google Glass process would have ATM machines request one-time PIN numbers for a customer's visit and hide the PIN number within a QR code displayed on the screen. Google Glass could then decrypt the QR code using a secret key and display it for the individual customer's eyes only.

"We know that you can use it to abuse data," said Dominique Schroder, assistant professor of Cryptographic Algorithms at Saarland University, Germany, in a press release. "But it can also be used to protect data."

The process developed by Saarland University and the Max Planck Institute for Informatics in Germany requires the Google Glass user to have cryptographic software called "Ubic" loaded onto his or her hardware. Ubic would store the individual's secret key that "unlocks" the QR codes and finds the one-time PIN numbers generated during each ATM visit. That means other Google Glass users wouldn't be able to see the PIN numbers hidden within the QR codes because their keys don't fit.

A scammer could try to spy on a customer's PIN number when he or she enters it into the ATM machine, but the one-time PIN numbers would be useless for subsequent transactions.

Banking with one-time PIN numbers and QR codes doesn't necessarily require Google Glass—a smartphone with similar cryptographic hardware could also do the job by scanning QR codes. Still, the German researchers point out that Google Glass offers more privacy for users viewing their decrypted PIN numbers compared to viewing the numbers on a smartphone screen.

The Ubic developers also have their sights set on other Google Glass applications beyond ATM banking. For instance, the Ubic software could allow several people wearing Google Glass to read the same document with encrypted text and see certain text passages intended for their eyes only. Researchers plan to demonstrate the Google Glass ability to hide information at the CeBIT computer expo held in Hannover, Germany from 10-14 March.

"This could be interesting, for example, for large companies or agencies that are collecting information in one document, but do not want to show all parts to everybody," said Mark Simkin, a developer of Ubic.

Whether or not it catches on, the Ubic experiment makes good use of existing Google Glass capabilities in combination with cryptographic methods. After all, Google Glass already uses QR codes to connect users with hidden Wifi networks requiring encryption. But future Google Glass applications aimed at banking may also consider incorporating the growing array of biometric technologies intended for securing sensitive information.

Comments

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.